<?php
session_start();
require_once('../../execute/inc/config.inc');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}

$cpass=$_POST['cpass'];
$npass=$_POST['npass'];
$cnpass=$_POST['cnpass'];
$qry = mysql_query("SELECT * FROM perm_members WHERE id=".$_SESSION['SESS_USER_ID']);
$row = mysql_fetch_array($qry);

if(md5($cpass)==$row['password']){
	if($npass==$cnpass){
		$qry2 = mysql_query("UPDATE perm_members SET password = '".md5($npass)."' 
				WHERE id ='".$_SESSION['SESS_USER_ID']."'");
		if($qry2){
			header("Location: ../profile.php?changepass=success");
		}
	}
	else{
		header("Location: ../profile.php?changepass=fail");
	}
}
else{
	header("Location: ../profile.php?changepass=fail");
}
?>